Cross-Site Scripting Flaw in SAPUI5 Applications by SAP
CVE-2025-42990

3LOW

Key Information:

Vendor: SAP
Status: SAPui5 Applications
Vendor: CVE Published:; 10 June 2025

What is CVE-2025-42990?

SAPUI5 applications have a vulnerability that permits attackers with minimal privileges to inject harmful HTML code into web pages. This security flaw can lead to user redirection to malicious URLs, compromising the integrity of the application during interactions. Precautionary measures should be taken to secure applications against this form of attack to maintain user trust and operational integrity.

Affected Version(s)

SAPUI5 applications SAP_UI 750

SAPUI5 applications 754

SAPUI5 applications 755

References

https://me.sap.com/notes/3601169

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2025
Vulnerability Reserved
Apr 16, 2025